GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
336 advisories
Cross-site scripting in Apache ActiveMQ
Low
CVE-2010-0684
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Apache Tomcat vulnerable to Cross-site Scripting
Low
CVE-2007-2450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
OIDC Logout redirect in keycloak
Low
CVE-2020-10734
was published
for
org.keycloak:keycloak-oidc-client-adapter-pom
(Maven)
Apr 28, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low
CVE-2022-27206
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Mar 16, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Low
CVE-2022-25186
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Low
CVE-2022-25210
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API